diff options
author | Leonardo Arena <rnalrd@gmail.com> | 2010-03-18 07:51:25 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@gmail.com> | 2010-03-18 07:51:25 +0000 |
commit | 265b5747b9dd90b6a6f06b2b8f60618083ebd61b (patch) | |
tree | d79c82b1edd198269aa3e6e89b41ea3400c996ff /main/heimdal/return-invalid-enctype-for-weak-crypto.patch | |
parent | 9f688b7be68cbc63ff1899a039daf20eaaf8f002 (diff) | |
download | aports-265b5747b9dd90b6a6f06b2b8f60618083ebd61b.tar.bz2 aports-265b5747b9dd90b6a6f06b2b8f60618083ebd61b.tar.xz |
main/heimdal: filter invalid enctypes instead of rejecting
Diffstat (limited to 'main/heimdal/return-invalid-enctype-for-weak-crypto.patch')
-rw-r--r-- | main/heimdal/return-invalid-enctype-for-weak-crypto.patch | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/main/heimdal/return-invalid-enctype-for-weak-crypto.patch b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch new file mode 100644 index 000000000..c8ce39fef --- /dev/null +++ b/main/heimdal/return-invalid-enctype-for-weak-crypto.patch @@ -0,0 +1,48 @@ +--- a/lib/krb5/context.c ++++ b/lib/krb5/context.c +@@ -825,23 +825,33 @@ KRB5_LIB_FUNCTION krb5_error_code KRB5_LIB_CALL + krb5_set_default_in_tkt_etypes(krb5_context context, + const krb5_enctype *etypes) + { ++ krb5_error_code ret; + krb5_enctype *p = NULL; +- int i; ++ unsigned int n, m; + + if(etypes) { +- for (i = 0; etypes[i]; ++i) { +- krb5_error_code ret; +- ret = krb5_enctype_valid(context, etypes[i]); +- if (ret) +- return ret; +- } +- ++i; +- ALLOC(p, i); ++ for (n = 0; etypes[n]; n++) ++ ; ++ n++; ++ ALLOC(p, n); + if(!p) { +- krb5_set_error_message (context, ENOMEM, N_("malloc: out of memory", "")); ++ krb5_set_error_message (context, ENOMEM, ++ N_("malloc: out of memory", "")); + return ENOMEM; + } +- memmove(p, etypes, i * sizeof(krb5_enctype)); ++ for (n = 0, m = 0; etypes[n]; n++) { ++ ret = krb5_enctype_valid(context, etypes[n]); ++ if (ret) ++ continue; ++ p[m++] = etypes[n]; ++ } ++ p[m] = ETYPE_NULL; ++ if (m == 0) { ++ free(p); ++ krb5_set_error_message (context, KRB5_PROG_ETYPE_NOSUPP, ++ N_("no valid enctype set", "")); ++ return KRB5_PROG_ETYPE_NOSUPP; ++ } + } + if(context->etypes) + free(context->etypes); + |